> On 23/03/2022 11:47 mj <li...@merit.unu.edu> wrote: > > > Hi, > > We are logging failed authentication attempts, with the attempted > password as auth_verbose_passwords=sha1 > > The question: is it possible to configure auth_verbose_passwords=plain > for a specific user only? Turning it on globally would be too much > sensitive information for the purpose. > > Reason: > > We are currently observing a high number of failed authentications for a > specific user, coming from *many* diffirent IPs across the globe, with > most IPs only trying once or twice, making this difficult to block. The > number of failed authentications cause this account to regularly become > blocked in AD. > > We would like to know if they are trying older actual passwords from the > user, or if it's just dictionary attack. > > Thanks!
Well, is the sha1 value same every time? If it is, then they are trying same password each time. Aki